There’s a specific kind of silence that settles in a room after a data breach. Not the kind filled with outrage or alarms—but the quieter one. The pause when a team realizes the file that leaked had been shared three weeks earlier, thoughtlessly attached to an email or uploaded to a third-party folder. No one intended to mishandle it. But intentions don’t encrypt documents. Policies don’t follow files. And that’s where Ronald Hovsepian says the failure begins.
Hovsepian, whose resume reads like a tour through the evolution of enterprise tech—from Novell’s networking tools to Intralinks’ secure deal rooms—has been thinking about digital rights management (DRM) longer than most people have known the term. He’s not evangelical about it. He’s practical. For him, DRM isn’t a security add-on. It’s the only way to ensure a file behaves like it should, even after it leaves your building.
At Intralinks, one of his early big tests came during M&A negotiations—sensitive by design, high-stakes by default. Companies needed to share documents but feared losing control. The solution was software that didn’t just transfer files but wrapped them in rules. Who could open, how long they could keep it, what they could do with it. Access was granted, then watched. If someone left the project, their access vanished—sometimes mid-session.
I remember watching a demo once where a PDF self-disabled when the license expired. The page flickered, then closed. It was both eerie and brilliant.
That instinct—to secure the asset itself, not just the perimeter around it—has grown in urgency. In today’s digital economy, files move constantly. Collaboration no longer happens within walls. It’s cloud-based, fast-paced, often third-party. Encryption in transit helps, sure. But once decrypted, what then?
Hovsepian’s answer is that the lock should travel with the file. DRM does exactly that. Through licensing controls, encryption keys, and usage policies, it ensures that access isn’t just granted but conditional. You can read the document, but not copy it. View it from your office, but not on a personal device. Forward it, maybe—but only to someone who also has verified rights. And if your access changes, the system responds in real time.
Some call it restrictive. He calls it reasonable.
At Skillsoft, where Hovsepian now leads, DRM plays a quieter but equally critical role. Training content, leadership materials, licensed libraries—they’re valuable assets. Without DRM, it takes just one bad click for a proprietary module to land in a competitor’s inbox.
That kind of threat isn’t theoretical. Companies lose competitive advantage in increments. One leaked document, one screenshot, one forwarded email. DRM, if done right, interrupts that chain not by slowing users down, but by quietly enforcing boundaries.
Still, not every DRM system works smoothly. Older models often felt punishing—limiting access, breaking workflows, frustrating even legitimate users. Hovsepian is the first to acknowledge this. “You can’t protect everything with a sledgehammer,” he once said in a panel. Modern systems, he believes, need to feel invisible until they’re needed.
Today’s leading platforms use behavior-based access. They can adapt on the fly. If a file is accessed from a new location, or at an odd time, or by someone who hasn’t interacted with it in weeks—the system pauses, checks, maybe even locks. These are rules made not just by IT, but by context.
I found myself thinking about that flexibility the last time I reviewed a shared folder with three tiers of access and no clear owner. The illusion of control is often more dangerous than no control at all.
That’s the real lesson Hovsepian brings. In his four decades of watching technology scale, stumble, and evolve, he’s learned that trust and access are not the same. You can trust your employees and still restrict what they can share. You can collaborate widely and still contain the damage. DRM is not a substitute for culture—but it is a complement to it.
And in an age when a document can travel across five devices and three continents before lunch, that kind of embedded control may be the only thing standing between privacy and exposure.
